9 matches found
CVE-2026-23959
CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading...
CVE-2026-23959
CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading...
CVE-2026-23959
CoreShop (Pimcore-based eCommerce) contains an error-based SQL Injection in the admin-facing endpoint /admin/coreshop/customer-company-modifier/duplication-name-check, affecting versions prior to 4.1.9. The root cause is unsafe interpolation of user input into a SQL condition (example pattern: sp...
CVE-2026-23959
CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading...
CVE-2026-23959 CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier
CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading...
CoreShop security vulnerability
CoreShop is an open-source e-commerce system developed by CoreShop. Versions of CoreShop prior to 4.1.9 contained security vulnerabilities. These vulnerabilities stemmed from improper insertion of user input into SQL queries through the CustomerTransformerController, which could lead to SQL...
CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier
SQL Injection in CustomerTransformerController Summary An error-based SQL Injection vulnerability was identified in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading to database error...
GHSA-FQCV-8859-86X2 CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier
SQL Injection in CustomerTransformerController Summary An error-based SQL Injection vulnerability was identified in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading to database error...
PT-2026-3891
Name of the Vulnerable Software and Affected Versions CoreShop versions prior to 4.1.9 Description An error-based SQL Injection issue exists in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly incorporates user-supplied input into a SQL query,...